recommended reading

Threatwatch

Prominent porn site hacked

Credential-stealing malware; Network intrusion

Users of adult sites often pick up computer infections because the site operators practice poor security hygiene, but the explanation for why malicious code was injected into beeg[dot]com could be different.

The site owners have not disclosed details.

The blog Malwarebytes has some theories. “There are a number of reasons why any website can get hacked ranging from poor password hygiene to how valuable of a target it is, the latter often determined by how much traffic it is getting. And this is precisely why this post is relevant. The site in question beeg[dot]com, is one of the top adult domains. “

It purports to garner 5.6 million unique visits a day. 

“The majority of website hacks are automated and not run by a human sitting behind a computer,” Malwarebytes reports. “There are scripts scanning the web for known vulnerabilities and weak passwords.”

What’s different here is the value of the site to identity thieves.

“When a high-profile site gets compromised, one has to wonder whether this was the work of an individual who spent the time and effort on it,” Malwareybytes continues. “After all, when your site receives millions of visitors per day, even a few hours worth of malware infections would generate a lot of money.”

Meanwhile, Dynamoo's Blog speculates a marketer sold the site's owners poisoned ads. 

On 3/21, after writing about the breach, Malwarebytes received a message from the owners stating, “hey guys, 
we are the owners of the site. it’s hacked. we believe our servers are clean now. please add our comment to the post.
Thanks”

The beeg [dot] com site also posted an acknowledgment stating, “Our site’s been hacked. It’s clean now. It may take some time to your browser to get the latest database update.”

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves. 

sector

Entertainment

reported

March 20, 2014

reported by

Malwarebytes

number affected

Unknown

location of breach

Unknown

perpetrators

Unknown

location of perpetrators

Russia

date breach occurred

Unknown

date breach detected

March 18, 2014